Two sides of the same coin

SUMMARY :

This intelligence report analyzes the similarities between two previously separate APT groups, Team46 and TaxOff, concluding they are likely the same entity. The analysis covers their shared tactics, techniques, and procedures, including similar PowerShell commands, loader functionality, and infrastructure patterns. Key findings include the use of zero-day exploits, complex malware development, and long-term persistence strategies. The report details the groups' use of multi-layered encryption in their loaders, custom obfuscation techniques, and various malware tools like Trinper backdoor and Cobalt Strike. The combined group, now referred to as Team46, demonstrates sophisticated capabilities in targeted attacks against protected infrastructures.

OPENCTI LABELS :

apt,backdoor,cobalt strike,powershell,zero-day,loader,obfuscation,encryption,cve-2025-2783,dante,cve-2024-6473,trinper


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Two sides of the same coin